Legislative Assembly of Ontario

ANNUAL REPORT, PROVINCIAL AUDITOR, 1992: MINISTRY OF HEALTH

ROYAL BANK OF CANADA

BRYKER DATA SYSTEMS LTD

CONTENTS

Thursday 3 June 1993

Annual report, Provincial Auditor, 1992: Ministry of Health

Royal Bank of Canada

Norman Achen, senior vice-president, marketing and corporate banking

Martyn Cooper, manager, technology integration

Bryker Data Systems Ltd

Renah Persofsky, vice-president, business development

STANDING COMMITTEE ON PUBLIC ACCOUNTS

*Chair / Président: Cordiano, Joseph (Lawrence L)

*Vice-Chair / Vice-Présidente: Poole, Dianne (Eglinton L)

*Callahan, Robert V. (Brampton South/-Sud L)

*Duignan, Noel (Halton North/-Nord ND)

*Farnan, Mike (Cambridge ND)

*Frankford, Robert (Scarborough East/-Est ND)

Hayes, Pat (Essex-Kent ND)

*Marland, Margaret (Mississauga South/-Sud PC)

*Murphy, Tim (St George-St David L)

*O'Connor, Larry (Durham-York ND)

*Perruzza, Anthony (Downsview ND)

Tilson, David (Dufferin-Peel PC)

*In attendance / présents

Also taking part / Autres participants et participantes:

McCarter, James R., executive director, ministry and agency audits, Office of the Provincial Auditor

Peters, Erik, Provincial Auditor

Clerk / Greffiére: Manikel, Tannis

Staff / Personnel: McLellan, Ray, research officer, Legislative Research Service

The committee met at 1009 in room 151.

ANNUAL REPORT, PROVINCIAL AUDITOR, 1992: MINISTRY OF HEALTH

The Chair (Mr Joseph Cordiano): The members of the public accounts committee will come to order now. On our agenda for today we're dealing with the Ministry of Health registration system, which referred back to section 3.10 of the Provincial Auditor's 1992 annual report, the smart card technology.

ROYAL BANK OF CANADA

The Chair: As you recall, we wanted to hear from the Royal Bank of Canada, which is present, I hope, this morning. Mr Martyn Cooper and Mr Norman Achen, would you like to come forward, please. Welcome to the committee. You can make your presentation, and customarily we have questions by members of the committee, so if you'd like to proceed in that fashion, then please do so.

Mr Norman Achen: I'll first introduce myself. I'm Norman Achen, senior vice-president of marketing and corporate banking at the Royal Bank. In this function, I'm responsible for all aspects of product development and marketing and service quality to our business clients throughout Canada and around the world.

As you know, we have a large and long history in data processing and computer networks today, and Martyn can fill you in more on the technical aspects. Maybe I'll just give you some background. Today, we have something like 1,700 branches, 3,800 automated banking machines and 15,000 business clients coming in to us either on an on-line basis or on a batch basis throughout the day. So we run a very large network, and we have also issued over the years millions of Visa cards and client cards for entitlements throughout our system. Martyn will give you more details on that. I'll just sort of set the background.

Mr Martyn Cooper: Good morning. My name is Martyn Cooper. I'm the manager of technology integration for the Royal Bank of Canada within the systems and technology department. I've worked in the banking industry now for 21 years, and I've been involved with most of the major technology initiatives that the banks have undertaken: ATMs, point-of-sale devices, electronic banking services to our clients, and I've also been involved with smart card technology for about five or six years. The bank has a great interest in smart card technology and we see it as an important technology in terms of our card-based services. That essentially is the way we identify and authenticate our customers and offer those services.

I've also been involved for a good number of years in looking at other opportunities the bank could move into. One of those fields is health care. We've been looking there at some of the problems and possibilities within health care, and we really sort of view that as having much the same sort of problems and needs as banking has. It's got a very large client base of multiple millions, and the Royal Bank has about 30 million customers when we look at both our normal banking cards and our Visa cards. We manage sort of a terminal base in terms of ATMs and banking terminals in the tens of thousands. We run something in the region of 20,000 personal computers attached to our networks. We process tens of millions of transactions on a daily basis, and I think we do it fairly well.

In terms of health care, we saw there being a similar sort of situation where there's a large client base and cards needed to be issued to those people to identify them and to authorize them to use health care services. In order to manage a wider health care service and the information that comes out of that, there appears to be a need to put devices into doctors' offices, into hospitals, into pharmacies, so they can identify their customers, have better information so they can treat them better, and of course the ministry needs all that information collected centrally so it can manage outcomes and manage some of its programs.

We see there an almost direct parallel to what the banks do on a daily basis, so we thought that the banks could offer their expertise in these areas to solve some of the problems that we see being faced by the province and the ministry.

The Chair: Okay. Any questions?

Mr Robert Frankford (Scarborough East): Perhaps I could have some guidance. Are we going to be hearing a particular proposal on how it should be, or are we going to discuss --

The Chair: Perhaps you can answer that.

Mr Martyn Cooper: We came along on the invitation of the committee. I believe at a meeting several weeks ago, there was an article that Mr Callahan had that was given by the Hamilton Spectator. There we were showing some software and talking about the use of smart card technology in particular and the ability of that technology to answer some of the issues that seem to face the ministry with cards: the overissuance of cards, the potential fraud situations that maybe are happening out there because of the overissuance of cards and the strain that puts upon the ministry in terms of budgets.

That's really what we came to talk about. We didn't have a prepared presentation, we thought we would answer questions, but if you would like to talk about smart card technology and its potential in some of these areas, especially the relation to health card fraud, then we could do that.

The Chair: Might I suggest that we have a little elaboration on what you see the potential for that is.

Mr Noel Duignan (Halton North): I've got a point of clarification. We're talking about smart cards. Are you talking about a smart card as a card with a microchip in it, for example, containing X amount of information, or are you talking about making the existing card smarter?

Mr Martyn Cooper: I think there's the option of making the existing card smarter to answer some of the problems that the ministry faces in terms of fraud. There's also the option to move to smart card technology, which has a greater potential to address some of the other issues facing health care. Maybe if I could talk about smart cards for a while and expand on some of those ideas, it might generate some questions.

We have some smart cards here, if the committee would like to take one. There's certainly some there. There is a card here that we've cut the corner off, that shows the microchip in the back.

Mr Duignan: Just on that point, as you know, the smart card itself is a very expensive card to produce and worth $10 to $15 a card, which in this time of tight money is really an exorbitant cost. There was also the question of the information contained on the smart card, whether the whole question of privacy and the Freedom of Information and Protection of Privacy Act would apply. So I would like to hear a little bit more about how we can make the existing card system we have smarter rather than focusing on the smart card.

The Chair: Before we do that, Mr Frankford, do you have another question? You had the floor, actually.

Mr Frankford: Actually, one piece of clarification: Mr Duignan referred to them costing $10 to $15. I would like to know the cost, plus I could mention that when we had the discussion of the Fort Frances project, I asked if we could get the budget of that, which I don't believe we've had yet. Could we repeat that?

The Chair: Perhaps Ray can clarify.

Mr Ray McLellan: That was sent out to the clerk's office, I think, a week ago. I have an extra copy here if you'd like to see it.

Ms Dianne Poole (Eglinton): It was distributed to members. At least, I received one in my office.

Mr Duignan: I received one as well.

The Chair: Then if you have an extra copy -- there, Mr Frankford. Perhaps we can proceed with a little elaboration on what smart card technology is all about.

Mr Martyn Cooper: Smart card technology is, as you can see, a small computer chip contained in a typical plastic identification card. Behind the gold contacts there is a microprocessor which has the power equivalent to some of the earlier computers. It can actually process information on the card and it also has storage capabilities to store information on the card. Technology today would allow it to store about 20 to 30 pages of information typically, which is a fair amount, depending upon the application.

The cost of the technology now in the sort of volumes we'd be talking about for Ontario is probably less than $5 a card from our current estimates, information from suppliers. Really, when you look at the technology as such, you have to weigh it against the alternatives, and the alternatives are, obviously, the sort of current card with a magnetic stripe on the back.

1020

When those cards start to be used and they're starting to be used in some sort of information service where the card is swiped in order to identify a citizen and the various services available to them under the Ontario health program, then you would start to use that magnetic stripe and read information from it.

Magnetic stripe technology is very sort of fragile. It's very fragile to magnets, and a large amount of magnets are usually stored on purses or on wallets, and magnets are often carried around in people's handbags or they've got magnetized key-rings, and those stripes get damaged quite easily. The failure rate that you can experience there is up to 30%, so it means that they have to continue to be reissued if they're being used. Once you take that reissuance cost into account, the comparison to smart card technology, at $5 a card, becomes pretty close.

The benefits the smart cards bring then have to be taken into account. The main benefits of smart cards fall into three areas.

There's the confidentiality of them, and I believe there has been a provincial report out from the privacy commission on smart card technology in terms of its confidentiality and its relevance to health care, and they came out in favour of the technology.

There's also the security of the card. Now, if we look at the present implementation for cards in health care, there would appear to be three problems in terms of fraudulent opportunities. One is the overissuance and the ability to get a card quite easily, and I think the numbers being talked about are 1.2 million or thereabouts, cards in issue above the number of population in Ontario. It's fairly easy to get a card, and I'm sure there are some fraudulent situations being perpetrated there, things in the area of selling cards maybe to the United States for their citizens to use the system. We hear stories about organized crime having drug rings to get prescription drugs free and then selling them on the street.

Then the second possible fraudulent area, if those sorts of gaps can be plugged -- and I think they can, and we can talk about that later, Mr Duignan -- is the cards become very easy to copy. Those cards can be produced quite easily and copied quite easily and then those cards could be used to get health services.

The probable third area of fraud is where individuals give their cards to relatives or to friends who live outside the country and who come in to use the health card services.

Smart card technology can start to address some of those issues in that it's a secure technology; it can't be copied. The ability to store information on the card would be such that you could store, say, some demographic information about the cardholder -- maybe sex, height, colour of eyes, birthmarks -- so that a doctor or a medical provider could look at that information before providing service. They could say at least, "Yes, this probably is a valid cardholder," and suchlike.

The benefits of the card would also then extend into things that the health care experience now has problems in, such things as drug reactions, where 70% of seniors, it's estimated, end up in hospital to be dried out from drug interactions where they visit multiple doctors and get multiple drugs prescribed and those drugs interact with each other and cause problems. They estimate that something like 22% of people diagnosed with Alzheimer's are purely suffering from drug interaction problems.

The possibility to store, say, a prescription history on the smart card so a doctor or pharmacist, before they prescribe drugs, could look at those interactions would obviously take some strain off the system and reduce a certain amount of cost. I think that was proven out at the North Bay pilot where smart cards were issued to veterans.

You could also store information on the card that could be used in a medical emergency, such non-confidential information as, say, next of kin, any sort of conditions a person had: heart conditions, any allergy to any particular drugs could be accessed.

That's why we see smart cards as being of benefit and why we in the banking industry are interested in them in terms of some of the services we offer.

Ms Poole: I'd like to take a look at the costing of the smart cards. I think Mr Duignan mentioned it could cost up to about $15 per card and your estimate was that it would actually be less than $5 per card. Was this based on a certain quantity?

Mr Martyn Cooper: This was based on quantities of millions.

Ms Poole: So this would probably be an appropriate figure to use if you were looking at the health care system. When we had people here from the pilot project several weeks ago, they mentioned the fact that it was possible to put on the smart cards certain types of identification, for instance, photo ID or fingerprints to ensure that fraud is eliminated. It appeared that in the pilot project they were not actually looking at these two methods.

Have you had any experimentation with those methods of identification being incorporated into a smart card?

Mr Martyn Cooper: We've looked at the fingerprint technology. It is a possibility. It's got some reliability issues at the moment, but it's a fairly simple means of identifying an owner of a card. It's one of the biometric techniques. There are signature verification techniques which we've had some experience of where the signature can be codified in the card and verified. There are also retina scans.

I think in any sort of public system a fingerprint scenario is a possibility and it's a good possibility.

Mrs Margaret Marland (Mississauga South): Excuse me, what was the word before scans?

Mr Martyn Cooper: Retina scan, sorry, an eye --

Mrs Marland: Oh, retina, sorry, I couldn't hear it.

Mr Martyn Cooper: Fingerprints are a possibility and quite a convenient way for people to identify themselves. You can store pictures in the card. That's been done by certain organizations in the States, especially high-security organizations where the card is inserted and the picture comes up on a screen for someone to view so they can identify that person as being the owner of the card.

As I said, there are other less intrusive ways of doing it. One could store a profile of that individual in the card in terms of height, eye colouring, birthmarks, sex, maybe age grouping so that you could say, you know, if I've got a female's card, then obviously I'm not authorized to use that.

There are multiple ways you can use the technology to identify people. You could store in the card simple information like mother's maiden name or place of birth and ask those questions if you had any doubt that person was the owner of the card. I think there are multiple ways of identifying people as owners.

Ms Poole: In your opinion, if the fingerprint mechanism was used, would this entail considerable additional cost to formulating either the smart card or the reading of the smart card, or could it be easily incorporated into the card without additional cost?

Mr Martyn Cooper: It wouldn't increase the cost of the card; it would increase the cost of the readers in those locations where the card was used by, I would think, a marginal amount. The technology is becoming readily available now. It's becoming fairly cost-effective. We have a couple of readers here. We've got a smart card reader here that could be incorporated into a PC. They were talking about the $10 to $15 range for a reader in a PC.

We have a terminal here that we use for our corporate clients who dial into the bank for service and that's more powerful, with a modem in and a keyboard for entering passwords and a display for information. That could be a standalone terminal in an office. To put a fingerprint reader on would increase the cost marginally.

1030

Ms Poole: That's quite interesting. How much does this particular reader cost, the one that's more sophisticated?

Mr Achen: I think when we started out -- and we developed this from scratch about 1985-86 -- it was fairly costly in terms of technology at that time. I think we were in the area of $900 a reader. That's gone down considerably now. But we're not buying these in the volumes that you would be talking about for the health care system in Ontario. We have about 2,500 corporations, and each corporation might on average have four or five, so you're only talking about $10,000. Once you start buying in volume and using today's technology, I imagine you could get that down to a couple of hundred dollars.

Ms Poole: But it is interesting to note that you can purchase a modem for $15 or $20 that would attach to any PC. I don't recall getting that type of information when the pilot project people were here, that there was something that effective and that inexpensive that could be used as a reader. This is quite reliable and it would probably do everything that you need, except perhaps if you went into fingerprint identification.

Mr Martyn Cooper: Yes, this would just simply read the card. The card gets inserted and it's read. This would have to be attached to a personal computer that would interpret the information on the card and transmit information to be written to the card. But the cost of this technology now has all been driven down by volume. You're probably aware of the cost of personal computers now and how they're being driven down by volume.

Ms Poole: But the advantage of this is that most physicians, or certainly many physicians, many health care facilities, certainly all hospitals, would already have their PCs in operation, so for minimal cost it would be able to establish the reading facility.

Mr Martyn Cooper: Yes, so the card could be carried around as an identification mechanism and contain some sort of information that would help increase the effectiveness of health care in terms of prescription histories and allergies and common symptoms or whatever.

Mrs Marland: I hope we're not seriously considering anything that incorporates fingerprinting. I think we would have an uprising in this province and I would probably lead it, if we were going to start for any reason other than the reason that exists today under the Criminal Code. I wouldn't support anything that was even discussing a fingerprint identification system, because I really see that as an invasion of privacy.

Just to be perfectly straight about it, if that were the case, we would be asking patients to come in and give an imprint at the time that they were asking for a health service. I mean, really, it would be wonderful, especially if they were unconscious at the time they came in. I think the ramifications of using that would be atrocious, absolutely atrocious.

However, I think there are some exciting aspects of this discussion, especially because one of my questions was going to be, what kinds of costs are we looking at for the individual physician or health care practitioner around the province? If you're talking about someone who already has computerized equipment, an additional $10 or $15 is nothing. I'm sure that the beleaguered physicians around the province are probably saying, "Everything is something," at this point, especially today, with the raging debate of the social contract.

When you're looking at the aspect of the protection for the user in terms of the example that you gave about seniors and multiple medications and so forth, of course there are chains of pharmacies which currently boast that this is one of the reasons you should go to them, because that's what they're doing; they're keeping everything on record. But I think anything that protects the public from itself in terms of abuse with remedies for health problems would be worth pursuing.

To be perfectly direct, is the interest of the Royal Bank -- and I'm speaking as a Royal Bank customer -- to be able to combine a total service? I'm sorry I missed the first few minutes of your opening comments; you may already have answered this. We're just being invaded by GM cards, all kinds of plastic cards for any organization that wants to give you the privilege of spending $1,000 a month and then getting a 5% credit towards buying their baby buggy, whatever it is. What is the interest? Is it a very strong business interest that's driving the Royal Bank in your research department or is it that you are seeing other advantages through your business and commercial accounts in banking?

Mr Achen: As I mentioned at the beginning, we have 25 years' experience in issuing and managing a card system, which started out, if you'll recall, in the old click-click machines in very much a manual, paper mode. Over the years, as technology advanced, as communications costs came down and as need increased to prevent fraud and misuse of cards, this has come today to be very much a large, on-line network across the country where the cards and the transactions are recorded in electronic form.

So we have long experience in providing total solutions in a banking environment which has the elements that you're talking about in a health care system; that is, entitlement and issuance of the card, the ongoing maintenance of a card base and ensuring that the cards are reissued and maintained and used by entitled users, and then the transmission and storage of that data.

We are not a smart card manufacturer. We are not advocating a particular smart card. But we do have experience in that whole chain of activities, from issuing cards, maintaining cards, transmitting information, running on-line networks and the like.

Our interest is in helping Ontario with its health care network that has been talked about in its various pieces. We have had discussions with government officials and made proposals.

Mrs Marland: I was going to ask you that. Whom have you talked to?

Mr Achen: We've had meetings with the deputy minister and other officials --

Mrs Marland: Of Health.

Mr Achen: There was a three-bank consortium that responded to the request for a proposal for the Ontario drug program, led by the Royal Bank. So we've had an ongoing interest in this and have tried to participate and add advice and our expertise to the equation.

When you get into a chain that I described, of issuing cards, maintaining cards, using cards, transmitting and storing the information, you're talking about a long chain of activities. You have been discussing, in your committee, various aspects of this chain, from the issuance and the entitlement through to the technology.

Mrs Marland: You mentioned a deputy minister. Was that the Deputy Minister of Health?

Mr Achen: Yes, the Deputy Minister of Health.

Mrs Marland: What was the reaction that you got from that deputy?

Mr Achen: In our various discussions, I would say that the ministry officials were very interested and asked us a lot of questions and, I would say, took the information under advisement.

1040

Mrs Marland: Would they have to use your system? If they decided your smart card was the way to go -- well, first of all, I'm sure everybody wouldn't have to have a Royal Bank account, but they would have to use your hardware system. Is that right?

Mr Achen: No, that's not necessarily true. No.

Mrs Marland: No?

Mr Achen: There are many ways you can construct the operation of the entire chain of activities using pieces that are purchased from outside vendors. Obviously, the card would be purchased from somebody, but the network and the various technologies would be purchased from a variety of suppliers. There is no one supplier that has the total answer, because if there was, I'm sure you would have talked to them by now.

You're talking about a very long chain of activities which has very many permutations and combinations to it and can exist in paper form or can exist in an on-line, real-time, fingerprinted or some very-high-level-of-technology form. What each government has to decide for itself is how it proceeds to build that chain: what are the weakest elements, what are the elements that are strongest that it already has, and how it fits it together and how it improves it over time.

As I said, we started with our Visa system in a paper mode with simple plastic cards and now we're into electronic networks linking to other banks, and linking worldwide to other banks.

Mrs Marland: Have you any advice about anybody else we should be talking to based on the Royal Bank's experience of gathering your information?

Mr Achen: I'm not aware of all of the people that you've already talked to, so I --

Mrs Marland: Would you be willing to give us a list of experts in this field that we might like to talk to?

Mr Achen: Our position always has been that we want to work with the government to help construct the total solution, to bring our expertise, our particular experiences and expertise, to the equation. We would not claim to have all of the answers in this particular case, but we could certainly contribute to the equation.

Mrs Marland: By giving this committee the information, how would --

Mr Achen: We could give this committee various types of information and, as I said, we have met with Ministry of Health officials and have been putting into that equation also.

Mrs Marland: But when we're in opposition, we don't get to attend those meetings. So all I'm saying is that I think there would be an advantage for the committee to know who in the industry you might suggest we might also like to talk to as a committee. That is what I'm speaking of.

Mr Achen: Oh, I see. Um --

Mrs Marland: No, I'm sorry. I'm not suggesting that you do this now. I'm just wondering if there may be some prominent names of industries or individuals that you might like to submit to us for our consideration, because obviously this committee has no expertise in this area -- I think that's fair to say -- other than, thank goodness, our staff who sit on this committee. But it would be to our advantage if there were other people that we should be hearing from, and if you would be willing to submit those names to the clerk we'd certainly appreciate it in the future.

Mr Duignan: Could I add something on that point, Margaret?

Mrs Marland: Go ahead.

Mr Duignan: Including the company that processes the information for the Royal Bank. For example, when you swipe your Visa card, it's cleared through a company in Mississauga. They're the ones that do a lot of the process and they're the ones that give you feedback on the information, the transactions that take place. Right?

Mr Martyn Cooper: Yes.

Mr Duignan: So they're the ones that handle a lot of the processing of the card. They're the ones that tell you whether the card is good or bad?

Mr Martyn Cooper: No. Each individual bank whose customer is issued with a Visa card maintains those transaction records and does that approval. There is a switch that the banks own, and all the terminals in our worldwide network -- because you can access your Royal Bank account from Europe or from America. They all go through a switch, and that switch passes it off to each individual bank to authorize and validate and approve.

Mr Duignan: All the cards go through this particular company in Mississauga, all the Visa cards.

Mr Martyn Cooper: Oh, I see. There's a company in Mississauga that produces our cards, yes. We use that company to produce our cards.

Mrs Marland: You're talking about the manufacture of the item?

Mr Martyn Cooper: Yes, manufacture of the item and the imprinting of the item. All they do is just make a dormant piece of plastic and then the customer has to come into a banking device in order to start to use the card, the service. The personal identification number is selected in their branch and stored on our computers.

Mr Duignan: I don't want to jump the gun here. I don't know whether your bank uses this particular company in Mississauga, but every transaction that takes place, if I take my Visa card and go to a supplier and buy something and it's swiped through, it's cleared through this particular company in Mississauga. I was there. I was wondering, does your bank go through that?

Mr Achen: The Visa clearing centre.

Mr Martyn Cooper: There's a company called TDSI, but we don't use those.

Mr Duignan: You don't use those.

Mr Martyn Cooper: I think smaller financial institutions use that service.

Mr Duignan: I'll get to that later, because someone else is waiting.

The Chair: I have several more people on the speaking list and I'm going to move to Mr Frankford, who's been patiently waiting.

Mr Frankford: Perhaps, for a start, let me get back to reality. We are talking here about the delivery and payment of health services primarily, and doing those in the most cost-effective way. Let me just make a comment now that I have many reservations that this is going in the right direction at all. I think there is a whole sort of feeling that there are technological solutions, but I think there are other solutions and I'll perhaps get into that later.

On this, one is really talking about the interface between providers and the population, and I would remind you that we're talking the entire population. This is not bank accounts. This is everyone from birth to death, maybe even before birth. This is a very different situation we have from banking, and I think we have to be very, very cautious. The banking paradigm, with respect, is really quite simple. It's about the transfer of money one way or another, or paying for straightforward transactions like restaurant meals. That is really quite different from the complexity of health care, and I think there's a real problem that a lot of these discussions have been predicated almost on that simple transaction mode. You, consumer, decide to go to a physician to provide almost a discretionary service. Well, this is not the case. We're dealing with people who are sick, who need constant care, who may be hit, found unconscious. We have many situations like that.

Perhaps at this point, I would like to reiterate a suggestion I made last week that the people who come to this committee should include certainly the Ontario Medical Association and I think perhaps the College of Physicians and Surgeons of Ontario as well, because of the confidentiality issues. If we go along with this, many of the things which have just been allowed to go by I think have profound implications for professional traditions and the way the professions conduct themselves. So I think I would make that request at this point.

We've been going along with this assumption that we know what it's about. It's sort of transactions that then get reported back. This I think goes along with a assumption of a fee-for-service paradigm, which I would remind you is certainly not the universal case, and we should keep on reminding ourselves of that. Certainly, the ministry has reservations about that. I don't think it has any overall policy on the payment mode, but we certainly have a mixture. I have my personal, very strong views on that.

1050

I assume that Mr Cooper and I come from the same country, and I know that the way things are organized there is quite different. It is not, so far as I know -- and I've not been there lately -- demanding a reporting to the centre of every clinical transaction requiring cards. None of this is to be taken that I'm in any way against computerization. I believe we have all sorts of networks, I believe we have to have all sorts of reporting back, but I think perhaps we should be thinking of those data we get being aggregate data. The requirement for them all to be individually reported is questionable, and I very much go along with Mrs Marland's points about the confidentiality issue. It's easy to talk of all this, but I hear some real Big Brother implications. If that's the worst implication, then we'll start making all sorts of exceptions and I think what starts off as an apparently neat system just gets into a complete mess.

I said I'd give some other people some time, but may I just ask you something? I felt there would be use in having the Royal Bank. You certainly have expertise in enrolling a large population. As I recall, when I got your bank machine card, you could choose your own number, because I did. I thought it was convenient that I would use another of my personal identifier numbers.

Mr Tim Murphy (St George-St David): Don't say it on the record.

Mr Frankford: I actually chose the first six digits of my OHIP number, so in fact I was using the two. Now the ministry's gone and changed it, and I don't intend to start learning my 10-digit OHIP number.

Have you looked at the process that took place for giving everyone a card, and do you have any thoughts on how that could have been done better? Let me just throw you a suggestion you may not have thought of: What about letting people choose their own numbers?

Mr Martyn Cooper: That's a possibility. Like Mr Achen said earlier, it's not just a single solution; there are lots of pieces in the jigsaw puzzle. One is the card; one is some sort of customer identification system where you can check the numbers; and then there's a system that allows people to access it through terminals or whatever, in order to update their number or to see what services have been provided. So it is a total picture.

The banks don't presume to offer a solution for health care or to identify the problems. What we would say is that we've got some expertise that could perhaps help.

I take your point about Big Brother and about the pitfalls. We've certainly discussed and had multiple meetings with the OMA and the Ontario Hospital Association about these concepts, and they're fully in tune with some of the needs and some of the solutions.

In terms of the UK, there has been a big smart card pilot held in Exeter; it was used for certain health groups like diabetics and children to try and improve the flow of information between the family practices and the hospitals. So they have been looking at the technology to solve some of their problems.

Yes, we've looked at how you could register people in Ontario in a way that would use technology and solve some of the problems. I think issuance of the card has got to be completely open and available to everybody. I wouldn't presume to say what sorts of documents could be used there to identify people, but certainly when the cards were issued or were in use, one could run a check against Bell telephone databases, say, to say that the telephone number that was maybe given had the same surname as the person who was applying. One could check against the postal system's databases to check to see whether postal codes matched the name of the individual. One could check against electoral rolls to check that addresses matched up with individual names.

One could do those checks. Once the database was in existence of registered citizens, one could run checks against that, and we have to do that all the time with our bank files. We run what we call deduplication programs to check to see whether or not we have people with the same name and the same address having an account at different branches, because we like, in order to offer service to our customers, to know all the services they have so we can tie them together and offer them better packages. But yes, one could do that: One could do deduplications.

In terms of keeping track of the issuance of cards, one could tie into births and registrations and deaths to update the file in those instances. One could look at usage patterns to check to see whether cards were being used inappropriately: too many visits to too many doctors in too short a time frame; procedures, say, that were impossible to give -- a pregnancy after a hysterectomy; things like this.

I think there are lots of things that can be done to plug some of the gaps with the current system using the current technologies.

The Chair: I don't want to interrupt, but I have Mr Murphy and Mr Duignan who want to have a question as well.

Mr Frankford: Let me just point out one substantial difference is that we have an unregistered population and that these unfortunately tend to be the highest-need group: street people, natives. So this is one important difference to consider.

The Chair: Mr Murphy is next on the list and then Mr Duignan.

Mr Murphy: I was just wondering. I'm a Royal Bank customer and the card I have has the strip along the back, which is basically the same as the current health card, although we don't use the strip currently. In terms of the card with the strip on the back, the personal identification number is issued. What mechanisms do you have to control fraud with a PIN number, and do you have statistics as to how much fraud happens with a PIN number control system for the use of the card for the bank or across the financial institutions in general?

Mr Martyn Cooper: The card itself is just an identification vehicle, so all that does is just identify you as Mr Murphy, with a number that goes against our database at our computer centres. The personal number you enter on the terminal device you use is a secure device, and those personal numbers are then encrypted using encryptographic techniques for transmission over telephone lines. We use a one-way encryption capability so that we can't decrypt it when it gets back into the financial institution. Your PIN is then checked at the FIs for validity, and that's how we basically identify you.

We basically have some fraudulent situations that occur. It's a very, very small percentage, but we're continually upgrading our systems to check. Any system you implement I think has got to have monitoring systems attached to it so you can identify any frauds and react to them as soon as you see them happening.

Mr Murphy: Can you give me a sense of what that percentage of fraud is? I don't know whether that's competitive information with other financial institutions, but is there a broadly-based figure that all financial institutions experience on an average, or is that guarded?

Mr Martyn Cooper: We aim for zero and we achieve zero. We don't experience frauds through our banking networks. We experience attempts, but we don't experience any real successful ones.

Mrs Marland: You mean through the use of these cards?

Mr Martyn Cooper: Through the use of the cards and ATMs and our devices. We are totally secure there. We have people who try and defraud the system, but we usually pick them up. I really do think we aim for zero and we achieve zero.

1100

Mr Murphy: Obviously, what we're trying to do and what I think Dr Frankford and Mrs Marland were saying is to come up with a system that allows us to have some of the smart card technology without having the Big Brother component, without an identification that is so onerous as to be an unnecessary invasion of privacy. I think we all agree with that. We're just trying to move towards a system that's both efficient but also not an invasion by Big Brother or Big Sister.

What I'm trying to get at is whether there are some less-than-fingerprinting methods that can be sufficient to be a control and a monitor on the system. That also serves the purpose of eliminating, to the extent you can, fraud. The PIN system alone obviously isn't enough, because part of the advantage of the smart card technology is what you can put on it otherwise to control the kinds of health care duplications you get in prescriptions or services or other. I'm just trying to get from you a sense of what some of those kind of non-Big-Brother-like mechanisms are that can be used.

Mr Martyn Cooper: I think there are many. I think with mag stripe technology, which is the current health card, you could protect against, say, people passing their cards on to their relatives or organized groups that are selling cards to the US by, say, storing on a database centrally some basic biographic information like height, weight, sex, and allow the providers, if they so choose, to utilize that information to do some further checks of whether or not that person is authorized to have a health care service.

If you don't want to go that far, you could certainly have some means at some central location to go through services that have been provided and try and identify potential misuse of cards, with a hot list then being provided to doctors or to providers to, again, if they so choose, provide some sort of check.

I think an effective way of doing it might be if the information on encounters with the public did exist somewhere. There would then be the possibility of maybe sending a statement to the citizens of Ontario saying, "Here's what we think you've received in the way of health services this year," and for them to say, "I didn't receive that; I didn't receive this," and maybe identify where some card numbers are being passed on to some other individuals who weren't authorized.

I think there are lots of ways of doing it without being too intrusive. It's probably just a need to identify where the threats are and then try and plug those up. Any security system is just a matter of putting bumps in people's way.

Mrs Marland: Is it necessary for the institution, whether it's the bank or the Ministry of Health, to have on record somewhere your personal identification number in order for this system to work? Today, does the bank have our personal identification number recorded?

Mr Martyn Cooper: The banks have your personal identification number recorded in an encrypted system, so your number, when you enter it, is encrypted in a fashion that nobody in the banks can decrypt it. It's encrypted in a one-way encryption technique so it can't be decrypted, so nobody in the banks know your personal identification number, only you. If you forget it, you've got to be issued with a new card and choose a new PIN.

There are ways you can protect those numbers. There are ways of protecting, say, an individual's autonomy by not storing a name or an address with a card. You just keep a number and just track that number and by that number track what services are provided and try and identify it, because all you're dealing with is a number, and if that number comes into your system, then you say, "Well, maybe I should check." I think there are ways of maintaining confidentiality and privacy without too much of a problem.

Mrs Marland: Madam Chair --

The Vice-Chair (Ms Dianne Poole): Mrs Marland, actually Mr Duignan was next on the speaking list, after Mr Murphy. If you like, I'll put you back on the list for after.

Mr Duignan: I have just a couple of questions. Do you use the smart card technology yourself at the Royal Bank?

Mr Martyn Cooper: We do. We have two implementations. All our corporate customers and our independent business customers who want to access the bank from their places of business using personal computers are issued with smart cards to (a) secure that link and (b) secure who has access to those services at their own site. We use smart card technology as a security mechanism for that.

At our computer processing centre in downtown Toronto, we have approximately 2,500 people issued with smart cards. They use those cards to access the building. We have restricted access to certain areas using that technology.

We're using it, I think it's fair to say, in niche applications at the moment within the bank.

Mr Duignan: Are you anticipating expanding that smart card system to every user of the Royal Visa card for example?

Mr Martyn Cooper: We have looked at that. We understand the benefits of being able to deliver new services through the card. We're responding to the government request for use of the technology. Welfare and unemployment insurance, federally, have looked at using the cards to allow unemployed individuals to get their income much easier through banking devices. We've responded to that.

We have certain transit authorities in Ontario looking at using the card to provide easier integrated fare payment mechanisms so that an individual can get on a bus in Oakville, use the GO system and then use the subway system, pay one fare and have that split back between the authorities. We're looking at how we can help various authorities use the card. We've looked at it in terms of our own networks, issuing it to all our customers.

There are certain smart cards standards committees now working at the Canadian Payments Association level to set standards so that if we do choose to implement the technology, we have those standards in place.

Mr Duignan: I agree with Margaret Marland, that I would have real objections to using fingerprints or eye scans for ID. That smacks way, way too much of Big Brother.

Mr Martyn Cooper: I agree.

Mr Duignan: That's going overboard. But I also believe that I think we can use existing technology a little smarter as well, existing cards, as you indicated earlier.

I'm wondering, for your own employee health benefits, for example, do you track those? Do your employees have a card that they use every time, for example, if they're sick and they go to a drugstore? Do they use a card or do you still use paperwork?

Mr Martyn Cooper: We still use paperwork. There have been proposals by companies to issue card-based plans to employees of organizations. The problem there is that there is no infrastructure in place within the pharmacies to read these cards and to process the transactions to some sort of central point. The pharmacies have always been waiting for the government to take the lead, because they don't want to end up with multiple devices on their counters: one that will read government drug benefit cards, one that will read insurance company cards and one that will read a Visa card, say. They're waiting for a solution which will integrate all the possibilities together.

Mr Duignan: Even though there is a fairly extensive card-use system in place at this present time in pharmacies.

Mr Martyn Cooper: There's a fairly extensive system in place in some pharmacies, but I believe the card is used as an identification mechanism and then the forms are filled out on the computer. I don't think there's any yet that reads the stripe on a card and uses that to generate a transaction.

1110

Mr Duignan: There's a company in Mississauga which a lot of the insurance companies use to process the information. They have an absolutely fabulous system. They can pinpoint what pharmacies are on line, wherever the system is in a particular community. I'm just curious that the Royal Bank, for example, which is encouraging the government to get into the smart card system for health care use, hasn't looked at an internal system for its own employee benefits system.

Mr Martyn Cooper: We have, but like I say, we were wanting to fit it in with an integrated system that would fit into the province as a whole.

Mr Duignan: Yes. Because as you know, the province is moving that way, towards the drug benefit cards, hopefully some time this year. So when that happens, you'll be looking at integrating your system in with that system, with the pharmacists.

Mr Martyn Cooper: I would think we would look at that.

Mr Frankford: Madam Chair, there's another deputation.

The Vice-Chair: Yes. Actually, Dr Frankford, thank you for pointing that out. We are somewhat behind time, but this information was quite valuable, so I would like to commend our two witnesses. I think we have a brief comment by Mrs Marland before we go to our next witness.

Mrs Marland: My comment is probably a little facetious, but I have enough cards here. I didn't want to show you the TD one as well. But I have 11 cards here, and if there is a technology where, if I have to go to the hospital or I have to go to the bank or I have to go to the video store or whatever it is, if we could put all of that on one card -- I really commend the Royal Bank for the research and development that you've done in this particular field alone. I think it is commendable that your board has decided, from a corporate perspective, to pursue the development of this technology. I hope it's one that the taxpayers of the province can benefit from, through somehow perhaps even this committee being in a position to recommend that we go to a technology that eliminates us carrying around -- it's the risk, I think, that I'm talking about when we have this many cards.

Of course, for an extra fee, you can secure the replacement of all these cards. How absurd. We've got ourselves into such a situation now where we have to register to protect ourselves from when we lose these and your whole world falls apart because suddenly you've lost all your ability to move and function.

I agree with us not carrying money any more, and I think to be able to use cards is marvellous, but I also think that the embarrassment we are in at the moment with how much fraud has been evolving around the use of health cards is just deplorable. We can't live as legislatures with permitting the ongoing fraudulent use of health cards. I really appreciate the fact that you may have the solution for us or lead us in that direction. I think it's excellent.

The Vice-Chair: Thank you for your comment, Mrs Marland. I'll take it as a comment rather than a question.

I'd very much like to thank Mr Cooper and Mr Achen for coming on behalf of the Royal Bank today and for your assistance to our committee.

Mr Martyn Cooper: Thank you.

BRYKER DATA SYSTEMS LTD

The Vice-Chair: I'd like to call our next witness, Renah Persofsky from Bryker Data Systems Ltd. Ms Persofsky is the vice-president of business development. Good morning and welcome to our committee. If you would like to begin by giving a brief presentation on smart cards and your involvement with it to members, then we'll open up for questions from the members.

Ms Renah Persofsky: Firstly, what my understanding was of what I was talking about today is card technology in general and the use of card technology. I think smart card may be one thing that I'll talk about, but very briefly, in that part of my belief is that smart card is a technology looking for a solution versus the other way around. So I'm going to have a different approach than what the Royal Bank and some other people have on smart cards.

There's a presentation that I prepared and some copies are being made of it, so I will get started and then we can go through some of the stuff I wanted to discuss.

I'll give a bit of background in regard to our organization and what we do in the area of card and card technology, and then go through on what I was prepared to talk about today.

Our company, Bryker Data Systems, does the credit card authorization service for the government of Ontario. It's a new service that has been put into place and we are doing it for the used vehicle information package program, UVIP, at the present time and credit cards services are going to be expanded with the government of Ontario.

Computer and telecommunication services put out a contract or a request for proposal, an RFP, in which we want to do the credit card authorization in conjunction with them. Their feeling was that they did not want the banks to have ownership in dealing with it, but we actually have a switch that does the authorization in conjunction with the two lead banks that the government does business with: CIBC and the Bank of Montreal. So we're going to be talking in regard to authorization services in regard to credit cards and there are ideas that can be done based on that for what we can be doing with the health card and other cards.

I think there are a lot of issues that have be discussed in regard to a broader issue. Right now, with the Freedom of Information and Protection of Privacy Act, there are a lot of issues associated with the protection of information. The issue in regard to the different ministries and the data that are in the different ministries is a broader issue, in that today you can't go comparing databases within the different ministries. So if you take a health card and you can to compare it with someone born in this province, you can't go to the Ministry of Consumer and Commercial Relations and check on the database to see if that person was born or is dead.

There are a lot of issues associated with comparing the actual information that's available today to check on the use of a card, in particular the health card, in the same way that you can't go to the Ministry of Transportation and check if someone is a valid driver. Those are the issues that are associated with checking on people's cards or the ability to use a card.

On the presentation that I have, I've separated in regard to different categories. We're talking about user's --

Interjection.

Ms Persofsky: Did you want me to continue?

Mr Frankford: Yes.

The Vice-Chair: We'll hold our questions to the end, but members may be indicating, as we go, that they would like to be on the list, so please just continue.

Ms Persofsky: There is users, ID, authentication, eligibility and services. There has been a committee set up within the government to look at having one government card. A lot of the issues and the problems would be solved if there was one card that would be used by people within the province. The whole concept of having many cards: It was touched on before, about taking out and having a lot of cards for a lot of services.

Today what happens is that a user has a card and the question is, is it a valid health card? What is happening today is that cards are being looked at to say, "Is this a valid card?", versus, "Is this person eligible to be using this card?"

The issue is often not, are the cards valid cards? Right now there are many more cards than there are people in the province, so obviously people are making additional cards, and they can have random numbers, and the issue is then not only, is this card a valid card, but is the person using the card valid to be using the card? That's where a lot of the fraud is and a lot of the issues that a lot of people are talking about, going through and changing the numbering systems or whatever it is.

But I think the issue has to be, can we put a picture on to the card? So when someone goes and uses the card, can you compare the card to the picture and therefore validate that this person is the person who's using the card so that the many cards that are being put out there -- because right now you can go and take somebody's card, go to a doctor and use the card.

As far as there's a valid card, I think the doctors have an issue with the valid cards in that right now there are many version numbers to the health card. What has not been publicised is that you receive one card and then you go ahead and say you've lost your card and you get another card, but essentially with a different version number. Most people don't know that there's a different version number so they go ahead and they find their old card and they go back to use their old card, but there's no way of showing that the number is the same. It's just a different version number.

You go to your doctor using your old card versus the new card, and the doctor goes and takes the number. But they have no way of checking, is this a valid card today? So they take the number and a week later you move to BC, and the doctor has a very difficult time now collecting his money because the version has changed; the number has stayed the same but there's a different version on it. So there are issues associated with the versions in the way that the system is on the cards today.

1120

But going one step forward, if the cards have to be changed so that you can ensure it's the right person -- people are saying you can show your transportation card maybe, and just show ID associated with it, so when you go with your health card, if you show your driver's licence then you can show you are the person who is on there. But I think then there's an issue of putting the onus on the doctor or the health system on ensuring it, and what happens if you're not that person? Do they have the right to say, "No, you can't have these services now because your card isn't a valid card"? I think there are a lot of greater issues associated with that as well.

If there were a one-government card, though, and we did have the picture of the person on it, then one could look at all the different services that person is eligible for. You could have a card that says yes, you have a driver's licence, so you're eligible to use it for that, that you have an angler's licence, or that you are collecting social assistance and therefore eligible to use the card for social assistance.

The databases are all available, and with CTS having the mandate for the telecommunications for the government, the ability to via switch to go to different databases and have one government card is available today. The technology is there, but we're back to the issue which I stated in the very beginning, and that's freedom of information and going back to all the different databases on ensuring the proper information.

I'm very open to questions from the floor, and once people receive my presentation on different things, if they want to ask questions associated with that, I'm pleased to answer those as well.

The Vice-Chair: Since the presentation is just being handed out right now, I wondered if there were any parts of your written presentation that you wanted to highlight prior to going to questions.

Ms Persofsky: In terms of identification, there are many different ways of using the existing cards and identifying the people. There is obviously the mag stripes that have information on the back of the health card today; there is your date of birth, if it's accurate, on the back of the card, but there is the opportunity of putting more information on that. There are different things that can be done with the card -- ghosting, holograms, smart cards -- that you've been listening to, so there are a lot of things in regard to identification.

I think there is more in regard to authentication, which is on the next page, that's more important, and that can be done in many ways: a PIN; a photograph; a biography or some information on the user; or presenting another ID. So there are many ways in regard to authentication, but I think that's where it has to be. Just identifying that the card is a valid card I don't think is good enough. It has to be that the person using the card has the ability to use the card that needs to be the issue.

The Vice-Chair: Thank you. We're open for questions now, and we'll start with Dr Frankford.

Mr Frankford: Thank you. It was very interesting. It's really hard to know where to start. I'll probably make comments more than ask questions.

I guess the distinctive thing about health is that it's a universal entitlement, so one could start by saying that you have that, or if you have something else which is a limited entitlement but tied with your citizenship or residency here, you should get it automatically. One could suggest that if you don't have your health card you could produce your driver's licence, because I think you can only get a driver's licence by being eligible for health care.

Mrs Marland: I know someone with three drivers' licences.

Interjections.

Mr Frankford: That's interesting, because the reality is that the policing of drivers' licences is pretty tough. You get stopped randomly, so you have a strong incentive to do everything correctly. If you have an accident, that's the first thing they'll ask for, and your insurance may be invalid and all sorts of horrendous things may happen. I think one could almost say there's no problem with drivers' licences. I admit this would be useful for a certain percentage of the population.

In fact, I'll make another comment related to what you've said and what the Royal Bank said. There are discussions about putting people's height and weight on. Let me remind everyone that this is also given to newborns and presumably is something that we are designing to remain in place from here to eternity, now that we're doing it. That's not going to work.

Ms Persofsky: In regard to putting pictures on as a government card so that the card is being used for everybody within the province and then having the ability to use it and what services you are eligible to use, obviously, for children you're not going to do that. But for the issue right now, people sharing cards, passing cards, duplication of cards, fraud and everything else associated with it, the amount would go down substantially. If every ministry and every program were doing their own card, the costs are astronomical, so if you can have one card, the cost would go down substantially.

I think the issue is, how do you provide something as well as helping outside industry? Canada's Wonderland today goes through an awful lot of cost of putting pictures on its cards for people to use in the summer so people can't share the cards. If one could have a card that has one's picture on it, it would save the province in regard to that as well.

Mr Frankford: I'll pass the questioning on, but I'll just comment that I think that we may be dealing with a false paradigm in relation to health care, because this is based on a fee-for-service model.

The Vice-Chair: Your presentation's generated quite a few questions, and because we don't have a lot of time left this morning, I'd ask if members could keep their comments and questions as brief as possible. We have Mrs Marland, Mr Murphy and Mr O'Connor.

Mrs Marland: I guess Mr Murphy and I have equal time with the five government members over there, right?

How old is your company?

Ms Persofsky: Our company's been in business for 17 years.

Mrs Marland: In Mississauga?

Ms Persofsky: No, we are actually in Markham. We have two data centres and one in Don Mills. We run three data centres.

Mrs Marland: And you've been 17 years in Markham?

Ms Persofsky: No. Don Mills and Eglinton was our facility before we moved to Markham.

Mrs Marland: Okay. When you talk about the picture on the card, you're talking about a photograph in the real sense?

Ms Persofsky: Technology today allows that it's actually a data picture and it's actually in the card as part of the process of the card. There are many companies -- we are not one of them -- that produce and make these cards, and they are widely used and widely available today.

Mrs Marland: That's what I wanted to ask you: Are you talking about a picture that is in a chip in terms of a computer interpretation? You're not talking about a photograph; you're talking about a picture of that person that has to be interpreted through computer means.

Ms Persofsky: No, you'd actually see the picture on the card.

Mrs Marland: Then what is the advantage, when you can put the same information in a computer chip? It's another kind of picture, but it still is an identifying mode, isn't it?

Ms Persofsky: It saves it in that if you're giving it to a physician or anybody, they can see it without having technology to go ahead and read it, so they can actually take a look at it, compare and have it visually available to them.

Mrs Marland: I'm interested in the whole aspect of -- I mean, if I have a card with a picture of me on it, it still doesn't protect the system from the fact that I may reside in one of the states or another country, so I'm not clear how what you're saying will eliminate that problem, because that's the major problem of fraud.

1130

At the same time also, you talked about -- if you can answer that question and this one -- the Ontario government card. If you're talking about one Ontario government card, does that mean that I get my driving licence, my fishing licence, my hunting licence, maybe my casino credit card and my health card all on one piece of plastic? Is that what you're --

Ms Persofsky: That's what I'm proposing; that's correct. It could be the same way in which one gets authorization on a credit card, where, if you go to pay any bill, they will swipe a card and it will go through the system and say, "Yes, this is a valid card," or "This is not a valid card." You can have it in terms of having a database that it would read against to say, "Yes, this is a valid card and these are the services that are available based on that valid card."

The concept of having the picture on it is to have one compare, is this card and this person who's using this card the same thing? So there are two aspects to it. One is to ensure that, where you're using it, you are the person using the card, because you could, if it does not have a picture on it, give it to your next-door neighbour and say, "Go and say that you're me." And if they go and say, "Yes, this is a valid card," they're not ensuring that the person using the card is the person who is entitled to.

So there's two methods that have to go through the system to ensure the accuracy and the authenticity of the card.

Mrs Marland: In your handout that we've just been skimming through, now that we've received it, there's a lot of talk about magnetic strips. I was given a beautiful snakeskin wallet, and of course a year later I realized why everybody was having to manually input all these wonderful cards I have, because I had kept them in this wallet. What are you proposing? Not to use magnetic strips? The chip isn't impacted by the magnet, is that correct?

Ms Persofsky: That is correct. It's not. My belief is that, because the strip is already on the cards and it's very inexpensive technology -- a smart card today is very, very expensive technology. One looks at a card at 78 cents versus -- there are different numbers, but $5 to $8 a card with a smart card. So the question is the dollars and cents associated with the different technologies.

A mag stripe is now on the health card today. It's inexpensive technology and widely used. The technology on reading the cards is out there based on that. Card authorization can be used with the stripes as well. That's why I'm saying it makes sense, because it's inexpensive and widely used technology today.

Mrs Marland: Because it already exists, is what you're saying.

Ms Persofsky: That's correct.

Mr Murphy: Obviously, the essential reason we're doing this is to eliminate fraud in the system, although I guess there are a couple of ways in which that fraud can be produced: obviously, the non-resident user problem, someone who might be a valid user but who is doing repeated visits and then selling the drugs on the street or whatever.

So you've got then two points where it can happen. You want to make sure the person who has the card is the person who's supposed to have the card, so you need some kind of mechanism to ensure that happens. The second way is, you obviously have to ensure that the person who gets the card has the right to have a card.

Ms Persofsky: Then you can go one step further. Today you might have the ability to use the services with the card, but next week you may not. For example, today you may be on welfare and have the ability to use the drug program, and next week you're no longer eligible. Well, it's very difficult to get the card back, so what does one do? If there is one card, and now it's just the services that one is checking on to see if they are eligible for these services, then you take away the issue of getting cards and delivering cards back and forth.

That's the purpose and the benefit of having one card, where every resident does have a card because every resident is eligible for health care in this province: It's all the other services associated with it. But you want to ensure that the people who do have cards are residents of Ontario and are not passing cards, duplicating cards or making cards up for other people to be using.

Mr Murphy: So if your goal is, in part, in terms of having the card, to ensure that the person is authorized to have the card, I guess there are a number of ways. Either they come in and fill out a form or whatever they do in order to get the card and you take them at face value, that there's obligation -- although there are changes in status, as you pointed out, so if you're going to do something other than just fill out a form, there has to be a place in which that information is stored so that you can check it on some kind of basis to ensure that the right to have the card still stays and still exists.

So the question is, in a magnetic strip card context, that would then have to be stored, presumably in some central computer that the government would have and then the card is merely a way to access into that record, as opposed to carrying the information on the card with you, in the smart card context.

Ms Persofsky: That is correct. Right. So my recommendation is that the information is not carried on. It does not have to be in one central place when telecommunications ability can be in many different places and collecting the information based on many places today. So the whole concept of having one big computer with all the information is not required.

Mr Murphy: Right. So what you'd end up with, especially if you went to a one card for all government services model, is that somewhere you'd have all of the information the government has about you and about your right to service on one file in one centre.

Ms Persofsky: Wrong. No.

Mr Murphy: Okay. How do you protect against that?

Ms Persofsky: What can be is that all the information stays based on the ministry and one would go with -- the way telecommunications are set up and being presented in the government today with what they call switches, you can go from many different databases and get the information. It does not have to be in one central location.

Mr Murphy: I understand that, but what we also want to protect against -- again this is a privacy concern -- is for one arm of the government that should in no way have rights to information other than for the strict purpose for which it's needed to have access to that other set of information as part of your one-card system. How do you protect against Comsoc talking to Health in inappropriate ways?

Ms Persofsky: Each of the systems would be set up with an eligible and non-eligible for a service and no other information associated to it.

Mr Murphy: Obviously that's what you're -- I'm saying how in a technical way do you prevent the access from occurring? Can you prevent it, other than to say it shouldn't happen?

Ms Persofsky: In the same way that you can prevent today anybody getting into any information from any ministry. It would work in the same way. One can check if you're eligible for or have an angler's licence today by going and checking if you have one. It would be the same way. You'd have what they call a switch, which would go to different based-on-approval accesses to get the information, and yes, you do have a licence, or no, you don't have a licence. It's more technical than explained, but there are very easy ways of doing it to ensure --

Mr Murphy: What I'm trying to get at is, you'd want government officials only to have access to certain databases and the only way they could get access to even the ones they were approved to have access to is to have some kind of identification number and that only allows them into certain bases.

Ms Persofsky: Correct.

Mr Murphy: And unless they have access to something else, to another identification number, they couldn't get into any others but the ones they're authorized to have. Is there a way to abuse that system?

Ms Persofsky: No. It would be in the same way today that the Solicitor General is using information to go against the databases of the Ministry of Transportation to say, "Have these people paid their fines or not, and what is their driving record associated with different fines that haven't been paid," and getting information based only on a need-to-know basis, but different ministries to different systems are getting information that is associated for the specific purpose.

Mr Murphy: Have you met with this committee in the government that's considering the one card?

Ms Persofsky: I have talked to the chairman of the committee and have received minutes from the last meeting on it. They are looking at it and reviewing the ability to do that and are cooperating with many of the ministries to see how they can do this and ensure the confidentiality and the privacy act accordingly.

Mr Murphy: Do you know who that person is?

Ms Persofsky: Yes, it's a person named Mr Doug Farrar. He's from the Ministry of Transportation.

The Vice-Chair: We have Mr O'Connor followed by Mr Perruzza.

1140

Mr Larry O'Connor (Durham-York): I guess the question that I have is, because this technology -- we're getting this explained to us and I'm not very familiar with it, other than there's this black strip on most of the cards in my wallet. It intrigues me that we could possibly come up with an Ontario card for the five cards that say "Government of Ontario" on them in my wallet, which would make life much easier.

Could you explain a little bit to me the magnetic strip and how it works, and can it be altered, or how could it be altered? I guess a concern I have is that with magnetic strip that could contain a demographic description of the user, what happens in the instance when a newborn comes home from the hospital, and of course it's pretty hard to describe the demographics on that magnetic strip for identification purposes.

Ms Persofsky: Today the only information on the health card, on the magnetic strip, is your date of birth -- and some people are questioning how accurate that is -- on the mag stripe. But that is all the information that is contained there. I think it's up to what one wants to see on the back of the card in a mag stripe as to what needs to be on the mag stripe.

Right now, the difficulty is that the number of our health card is a random number. Our driver's licence, for example, has our birthdate on it as part of the number and our health card does not. It's a random number that has no meaning to it. If one was starting from zero today, it would probably make a lot more sense that each number has some meaning to the number, but I think there's a major cost associated with it versus "Here are the numbers that are already there."

I think there has to be a decision as to what actual information is required on a mag stripe to the person that has to be on there. It might not be that anything is required other than an identification picture saying that this is the person, here's the number, and if you put it through a card reader, it would be sent to a database where it would say, "Yes, this is valid," or, "No, this is not valid," and leave all the other information off the card.

Mr O'Connor: But in storing the technology on that strip, where is that information put, and can it be changed? If, for example, you had demographics in there and last year I didn't wear glasses, this year I wear glasses, for identification purposes, how can you change that?

Ms Persofsky: You'd be far better off to have a PIN number or things that aren't easily changed, based on that. That's why PIN numbers are put on to bank cards today, for protection in those areas.

Mr O'Connor: How would that be put on, though, or where?

Ms Persofsky: That I can't tell you. I don't have that answer.

Mr O'Connor: The folks from the bank left who might have been able to help us.

Mr Robert V. Callahan (Brampton South): What's your PIN number? Tell us what your PIN number is.

Mr O'Connor: Mr Perruzza has a question, I believe.

Mr Anthony Perruzza (Downsview): My question is very simple, understanding that health care is rather unique and understanding that there's obviously some sense of nervousness in dealing with that.

In Europe -- I believe it's in all of Europe; I know it's a fact in Italy that everyone has what's called an identity card, a carte di identita. It's a card which has a picture, it has a name, it has a residency place, it has a birthplace and so on. That basically has to be used for just about everything that you do. The reason I mention that is that I'm not averse to having an identity card.

But my question to you is this: Given that I have to walk around with a number of plastic cards in my wallet, has private industry -- the banks and telephone company and all those other people who are out there issuing plastic cards -- given any thought to a universal card on which they could all store all of their information and share the costs of issuing such a card?

Ms Persofsky: The banks would love that. I think there's a major issue, and one of the reasons I'm in favour of a government card versus the banks owning the card is the banks want information and they want control over that information. I think that's very dangerous. So the cost of having a government card makes a lot of sense. In regard to having a bank card where the bank or a bank has information and access to information and is dealing with that, I don't think that is protection of everybody in this province.

Mr Perruzza: No, no, no. But their getting together, for example, and all the banks sharing the information and issuing one bank card as opposed to -- see, now I walk around with a convenience card; I walk around with a Visa card and most other -- and then you have several credit cards and you have a Bell Calling Card, right, consolidating all of those.

Ms Persofsky: I'll disagree. I think there's more competition than people getting together. AT&T has just developed a new credit card. I believe Bell will probably have their own credit card and it's going more into the banking. I think you're going to find more credit cards and that people make an awful lot of money on credit cards; there are merchant discounts. If the banks had a choice of getting out of every other business, credit cards will be the business they'll stay in. That's their number one moneymaker. They get the merchant discounts, the dollars associated with it, and based on that --

Mr Perruzza: But if you could store all that information on the chip, they could all still have their credit cards and just issue one plastic card that you need to walk around with. Then if you want to charge it to your Bell credit card, you'd just simply indicate that. No?

Ms Persofsky: I don't believe the banks would go for that, no. Then they'd be fighting us. You're going to leave a card and you're going to decide if you want those on Visa or MasterCard. I think it's whichever services. They'll leave them separate.

Mr Perruzza: So you believe there are too many impracticalities in their coming together and doing that?

Ms Persofsky: I can't see it happening.

The Vice-Chair: Mr Callahan and then, if we have time, Dr Frankford.

Mr Callahan: I notice on the material you've given us -- and maybe you've told us already -- you're not suggesting there be an expiration date on these cards.

Ms Persofsky: There can be, based on putting new pictures that are required associated with them, the same as the driver's licence. There are expiration dates associated with -- you get a licence for, I think they've changed it now, for five years versus three years, but there is a period of time that one must go and get a card updated or a new picture associated with a driver's licence or renewing something. In regard to the card, I don't believe that -- on a health card, I think there should be every certain period in time that one must have the picture updated or something associated with it.

Mr Callahan: The reason I ask that is, if there isn't an expiration date or something that triggers a sort of reviewing of the person, the alternative I suppose would be to make it by law a requirement that you update your information as you have to do with your driver's licence.

Ms Persofsky: It would be the same way that one has to by law update their information and you would -- and the same as a health card, to say that you are moving and this is your new address, whereas a government card you would use the same standards as a driver's licence. I'm not saying one should be paying money to have a health card, but if they want the different services associated with it, they would be paying their money, other than their health card, for the services in the same way that there is today.

All I'm suggesting is that, instead of having many cards out there, you have one card and the issue is what services are you eligible for based on this card versus every time that you are eligible for another service and you get another card.

Mr Callahan: That would require some type of updating, because presently, although it's being slowly eroded, the drug benefit plans for seniors -- in about 60 years when I become a senior -- I'm lying --

Mr Murphy: How about months?

Mr Callahan: -- I'd have to get another matter put on to the magnetic tape to allow me to use it for the drug benefit plan.

Ms Persofsky: No, what I would suggest is that there would be a swipe that would go through and, once you turn 65, you would be eligible. Based on going and having the card swiped it would be showing that you are now eligible for this service.

Mr Callahan: So this would activate the computer record.

Ms Persofsky: That is correct.

Mr Callahan: We had some concerns about that. Obviously, with 25 million health cards versus eight million Ontarians, there has to be a very tight program put together. You weren't here but we had some evidence at earlier hearings about the fact that -- I think it was in the health computer -- they didn't have the blank code entry. It was there for anybody who was walking by the computer to see how to access the computer. I suggested that was a very dangerous thing, probably equally as dangerous there as it would be in the Ministry of Transportation where somebody could just crack into the computer or crack into it from their home and change everybody's records.

I know what you're saying, but is it possible to put all of this stuff on to the magnetic tape and to add to the magnetic tape or replace the magnetic tape?

1150

Ms Persofsky: Or a smart card or whatever. I don't think that makes much sense. Once one loses one's card, then what happens to the information and so on and so forth?

Mr Callahan: The other would be backup, you'd still have a computer record of it, but what you'd be able to do is if you had any suspicion that someone had gotten into the computer, you'd be able to check it against the card. I think we need a very sophisticated program in order to avoid any possibility of the massive dollars that have been lost as a result of --

Ms Persofsky: The issue with the health card and what has happened is that when they went from the old system to the new system, they virtually transferred garbage into more garbage. There's an issue associated with the numbers. What I'm basically saying is that on credit cards today there is no issue in regard to security and people going in there and doing things. The security is so tight in regard to an ability to have such tight security on that, that the ability to swipe and get authorization based on having information in different databases and the types of security to that, that is not an issue technically.

Cleaning up the garbage that's in the health care system today is what the issue is, getting that cleaned up, that every single person is authentic to the card that they have, because the issue right now is that you can get cards made up, make 50 copies of the same number. There's no ability to say that same number isn't being used by 50 different people, because all that one can check up right now is, is this a number that is in the system? But what there is no proof of is that you can take these 50 cards and have 50 different people using the same number going to doctors all over the place. If there were a picture, an identification of the person who's using the card, it would stop substantially the amount of people just running around using these duplications of cards, because that's where the issue is.

Mr Callahan: Can I just ask one more question, because Dr Frankford wanted to --

The Vice-Chair: If it's very brief. I think they're about to call us up.

Mr Callahan: We had been told that on the plastic strip right now there are certain data: date of birth, sex and so on.

Ms Persofsky: The only thing that's on there that I'm aware of is the date of birth, and on many of the cards it's not accurate.

Mr Callahan: We had evidence from Mr Decter, I think. But finally, I find that the banks have a very simple system. I had suggested that I had a passbook for Canada Trust, I think it was. Your name is signed in the inside cover; you can't see it unless you hold it under an ultraviolet light. I'm concerned about the picture, because I think the picture is going to cost us a lot of dollars --

Ms Persofsky: Very inexpensive.

Mr Callahan: -- and we're going to have to change it as people get older and all the rest of it. But in order to avoid that, could you put a signature on the magnetic tape that would show up under a certain type of light?

Ms Persofsky: What you're asking, based on that, though, is very expensive technology on behalf of the physicians and the hospitals to start reading them and people carrying them around.

Mr Callahan: We were told it would cost peanuts.

Ms Persofsky: Assuming that it is a signature, what happens if you get a card and there are still the 50 numbers out there now with 50 different signatures of different people on it and they're comparing things to it? You're not stopping the people in regard to the eligibility of that person who is going for that particular treatment by being able to compare.

The pictures are very, very inexpensive, based on the technology today, and you're then ensuring that it is the person who's going there for those specific services. On a signature, you're not achieving it, unless someone is then going to start comparing -- well, it still wouldn't work.

Mr Frankford: Perhaps I could start by repeating your comment that maybe this is "solutions in search of problems." I think we should remind ourselves that defining the problems is really not at all clear. I think we have not been talking about one of the real problems which exists there, which is non-payment or slow payment of physicians, and I declare my interest in being a physician. I think if the system is not smooth in all directions, then it's failed. We've had a lot of discussions about problems of multiple doctoring and drug abuse and whatever, and I don't deny that those things occur, but I don't think that we really have particularly good facts on them.

In the presentation that we had from the ministry, it did talk about one study it had done, which was actually to do a bit of spot-checking, to go to Kingston, I think it was, and to actually sit in the outpatients and check people's credentials and eligibility. I think they found some slight problems, but it was not overwhelming. I think that perhaps this committee should be making some recommendation to be doing that much more, because I suspect that it would probably be every bit as effective. I've already said what we have right now is very ineffective, because we've virtually chosen to overlook a significant part of the problem, which is slow paying.

Ms Persofsky: I think there's two issues. Today, all they can check is if a card is a card that is in the system or a number that's in the system. It's very difficult and I don't believe it's being done at all, saying that this person is a valid person for this card. So we're back to an issue in regard to cards and the valid person. People keep on talking about how we ensure that this card is a good card. You have to ensure that about the person using the card.

In regard to physicians being paid, there is an issue in that if they don't have the right version number, then doctors have a difficulty in regard to being paid. So that's where the issues are in regard to the doctors, as well as getting the money associated with the services that are provided. Is that where you're coming from?

Mr Frankford: So let me remind people that the regulations of the College of Physicians and Surgeons of Ontario really require a physician to register on that patient record. If I am practising according to their requirements, I have a history sheet and I'm pretty sure that I'm supposed to put down the name, address and date of birth. If one was taking a spot-checking approach, I think there's a whole lot of checking already in place without having to spend huge amounts of time on theoretical, technological discussions, with which I'll finish.

The Vice-Chair: I'd like to thank our witness today for coming before us and giving us yet another alternative or possibility in this area. We very much appreciate your presentation and your time.

The public accounts committee will stand adjourned till June 17 at 10 o'clock. I'll remind members of the steering committee that we are having a meeting immediately following our adjournment today. Thank you.

The committee adjourned at 1157.